Outlook Security Alert

Problem: When opening Microsoft Outlook you receive a Security Alert “Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate.”

Solution: The self-signed certificate that was created during the Exchange 2007 installation expires after one year. Use Exchange Management Shell to validate this is the problem you’re experiencing by running the “Get-ExchangeCertificate | List” cmdlet. NotAfter shows the certificate expiration date, Services shows the mail services that are being used by a particular certificate, and Thumbprint will be used to resolve this problem if your certificate is indeed expired.

Use the Exchange Management Shell to renew your default self-signed certificate to resolve this problem if it is expired. Note, this procedure cannot be used to renew a certificate purchased from a trusted certificate authority. First, obtain the thumbprint of the current default certificate by running the “Get-ExchangeCertificate | List” cmdlet. Next, clone the current certificate by running “Get-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | New-ExchangeCertificate”. Remove the expired certificate with the “Remove-ExchangeCertificate -Thumbprint xxOLDTHUMBPRINTxx” cmdlet. The new cloned certificate will be good for one year.

Solution #2: You also have the option of creating a new self-signed certificate. Verify your certificate is expired and obtain its Thumbprint by using that portion of the above procedure. Create a new self-signed certificate by using the “New-ExchangeCertificate” cmdlet. You’ll be prompted to replace the default certificate, choose yes. Associate the new certificate with IIS with the “Enable-ExchangeCertificate -Thumbprint xxNEWTHUNBPRINTxx -Service IIS” cmdlet unless you have purchased a certificate from a trusted certificate authority and it is associated with IIS. Remove the expired certificate. This option is less desirable than renewing the current certificate since any modifications made to the Exchange website SSL settings could be affected since SSL is removed, re-added, and reset as “Require 128-bit encryption”.

Links

My Guest Blog Articles

User Groups

Disclaimer

All data and information provided on this site is for informational purposes only. Mike F Robbins (mikefrobbins.com) makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.